SoFunction
Updated on 2025-04-08

Windows Server Security Configuration Summary Page 2/2


11. Install McAfee or Kaspersky (server edition) and VNC, and install the BlackICE firewall. Open only ports 21, 80, 443, 6900, 10000-10020 and 63389, and configure Serv-U to use ports 10000-10020 for PASV (passive-mode) data connections so that the FTP server's passive range and the firewall's open range match. On the second page of the firewall settings, select the network card that is actually connected and uncheck the FTP server entry there. Before opening a port, confirm something on the server really listens on it (netstat -ano); a rule for a port nothing uses is a rule you will forget about.

12. Run permission setting script

13. Disable the following services (service name, followed by what it does):

Computer Browser: maintains and serves the list of computers on the network.
Routing and Remote Access: provides routing services in LAN and WAN environments.
Removable Storage: manages removable media, drives and libraries.
Remote Registry: allows the registry to be modified remotely.
Print Spooler: loads files into memory for later printing. Do not disable this if the server must print.
IPSEC Policy Agent: manages IP security policies and starts the ISAKMP/Oakley (IKE) and IP security drivers. Leave it running if you rely on IPsec filters for port blocking.
Distributed Link Tracking Client: sends notifications when files move between NTFS volumes in a domain.
COM+ Event System: provides automatic publishing of events to subscribing COM components. Other services (for example System Event Notification) depend on it, so test before disabling.
Alerter: notifies selected users and computers of administrative alerts.
Error Reporting Service: collects, stores and reports application crashes to Microsoft.
Messenger: transfers NET SEND and Alerter service messages between client and server.
Telnet: allows remote users to log in to this computer and run programs.
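The list above is a manual checklist; the following PowerShell script is an added example (not code from the original page) that stops and disables the same services by their short service names, skips any that are not installed on the build you are running, and then reports anything still enabled so you can verify the result. The -KeepPrintSpooler switch and the $Services array are this script's own names. It needs PowerShell 5.0 or later (for the StartType property) and an elevated prompt; run it with -WhatIf first to see what it would change.

```powershell
# Added example: disable the services from the list above and verify.
# Not from the original page. Run as administrator. Supports -WhatIf.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    # Keep the Print Spooler running when this server must print.
    [switch]$KeepPrintSpooler
)

# Short service names for the display names in the list above.
$Services = @(
    'Browser',        # Computer Browser
    'RemoteAccess',   # Routing and Remote Access
    'NtmsSvc',        # Removable Storage
    'RemoteRegistry', # Remote Registry
    'Spooler',        # Print Spooler
    'PolicyAgent',    # IPSEC Policy Agent (keep it if IPsec filters are in use)
    'TrkWks',         # Distributed Link Tracking Client
    'EventSystem',    # COM+ Event System (other services depend on it; test first)
    'Alerter',        # Alerter
    'ERSvc',          # Error Reporting Service
    'Messenger',      # Messenger
    'TlntSvr'         # Telnet
)

if ($KeepPrintSpooler) {
    $Services = $Services | Where-Object { $_ -ne 'Spooler' }
}

foreach ($name in $Services) {
    $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
    if (-not $svc) {
        # Newer builds no longer ship some of these (Messenger, Alerter, ...).
        Write-Host "$name : not installed on this system, skipping"
        continue
    }
    if ($PSCmdlet.ShouldProcess($name, 'Stop and set startup type to Disabled')) {
        if ($svc.Status -ne 'Stopped') {
            Stop-Service -Name $name -Force -ErrorAction SilentlyContinue
        }
        Set-Service -Name $name -StartupType Disabled
    }
}

# Verification: any listed service that is still running or not Disabled
# is a finding. An empty table means the step is complete.
Write-Host 'Services from the list that are NOT yet stopped and disabled:'
Get-Service -Name $Services -ErrorAction SilentlyContinue |
    Where-Object { $_.StartType -ne 'Disabled' -or $_.Status -ne 'Stopped' } |
    Select-Object Name, Status, StartType |
    Format-Table -AutoSize
```

Disabling a service only sets its startup type; a service that is "Disabled" but was not stopped keeps running until the next reboot, which is why the script stops each one first and then re-checks both Status and StartType.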

15. Prevent SYN flood attacks

Save the following as a .reg file and import it (or set the values by hand under the same key):

Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]
"SynAttackProtect"=dword:00000002
"EnablePMTUDiscovery"=dword:00000000
"NoNameReleaseOnDemand"=dword:00000001
"EnableDeadGWDetect"=dword:00000000
"KeepAliveTime"=dword:00300000
"PerformRouterDiscovery"=dword:00000000
"TcpMaxConnectResponseRetransmissions"=dword:00000003
"TcpMaxHalfOpen"=dword:00000100
"TcpMaxHalfOpenRetried"=dword:00000080
"TcpMaxPortsExhausted"=dword:00000005
"EnableICMPRedirects"=dword:00000000

Two caveats. These values are read by the Windows 2000/2003 TCP/IP stack; Windows Vista/Server 2008 and later have SYN flood protection built into the stack and ignore SynAttackProtect and the TcpMaxHalfOpen* values. Also, EnablePMTUDiscovery=0 makes TCP use a 576-byte MTU for every non-local destination, which costs throughput on a busy web or FTP server; weigh that against the fragmentation attacks it is meant to blunt.

Disable IPC$ null-session connections:
An attacker can use the net use command to establish a null session (an IPC$ connection with an empty user name and password) and then use it to enumerate the host; net view and nbtstat rely on the same null session, so blocking null sessions blocks all of them. Open the registry, go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa and set the DWORD value RestrictAnonymous to 1. On Windows 2000 a value of 2 blocks null sessions completely but can break domain trusts and browsing; on Windows XP/2003 the related values RestrictAnonymousSAM and EveryoneIncludesAnonymous control account and share enumeration separately.

Change TTL

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters

DefaultTTL, REG_DWORD, range 0-0xff (0-255 decimal, default 128). Change it to a non-default value inside that range (for example 0xC0, 192); a value such as 258 is outside the range and will not be accepted. This only confuses scanners that guess the operating system from the TTL of replies; it is obfuscation, not a control, and a TTL set too low will break connections to distant hosts.

Delete the default shares
A common question: all disks appear shared as soon as the computer starts, and after removing the shares they come back on the next restart. These are the administrative shares Windows 2000 creates for management, and they can only be disabled through the registry. Under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters, create or set the REG_DWORD value AutoShareServer to 0 (on a workstation the value is AutoShareWks).


After restarting, check whether the shared directories still exist (net share): c$, d$, e$, f$, admin$ should be gone. ipc$ remains, because it is not controlled by AutoShareServer and is needed for normal SMB operation; it is the null-session setting above, not this one, that limits what ipc$ can be used for.

Prohibit null-session connections
By default any user can connect to the server over a null session, enumerate accounts and then guess passwords. This is the same setting as above: under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa, set RestrictAnonymous to 1 to prevent null-session enumeration.
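The registry changes in item 15 (SYN flood parameters), the null-session setting, the TTL change and the default-share setting are all DWORD values under three keys, so one script can apply and verify all of them. The following PowerShell script is an added example (not code from the original page): in -Audit mode it only reports values that differ from the ones recommended above, otherwise it sets them, and it finishes by listing the SMB shares that remain so the default-share check can be done without a second tool. The -Audit switch, the $Settings table and the chosen DefaultTTL of 0xC0 are this script's own assumptions. Run it elevated; the TCP/IP values are only honoured by the Windows 2000/2003 stack, as noted above.

```powershell
# Added example: apply or audit the registry hardening values from this page.
# Not from the original page. Run as administrator. Supports -WhatIf.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    # Report drift only; change nothing.
    [switch]$Audit
)

$Tcp = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'
$Lsa = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$Srv = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'

# Expected DWORD values, taken from the page above.
$Settings = @(
    @{ Path = $Tcp; Name = 'SynAttackProtect';                     Value = 2 },
    @{ Path = $Tcp; Name = 'EnablePMTUDiscovery';                  Value = 0 },
    @{ Path = $Tcp; Name = 'NoNameReleaseOnDemand';                Value = 1 },
    @{ Path = $Tcp; Name = 'EnableDeadGWDetect';                   Value = 0 },
    @{ Path = $Tcp; Name = 'KeepAliveTime';                        Value = 0x300000 },
    @{ Path = $Tcp; Name = 'PerformRouterDiscovery';               Value = 0 },
    @{ Path = $Tcp; Name = 'TcpMaxConnectResponseRetransmissions'; Value = 3 },
    @{ Path = $Tcp; Name = 'TcpMaxHalfOpen';                       Value = 0x100 },
    @{ Path = $Tcp; Name = 'TcpMaxHalfOpenRetried';                Value = 0x80 },
    @{ Path = $Tcp; Name = 'TcpMaxPortsExhausted';                 Value = 5 },
    @{ Path = $Tcp; Name = 'EnableICMPRedirects';                  Value = 0 },
    @{ Path = $Tcp; Name = 'DefaultTTL';                           Value = 0xC0 }, # assumed; any 1-255 non-default value
    @{ Path = $Lsa; Name = 'RestrictAnonymous';                    Value = 1 },
    @{ Path = $Srv; Name = 'AutoShareServer';                      Value = 0 }
)

$drift = @()
foreach ($s in $Settings) {
    # A missing value reads as $null and therefore counts as drift.
    $current = (Get-ItemProperty -Path $s.Path -Name $s.Name -ErrorAction SilentlyContinue).($s.Name)
    if ($current -eq $s.Value) { continue }

    $drift += [pscustomobject]@{
        Path = $s.Path; Name = $s.Name; Current = $current; Expected = $s.Value
    }
    if (-not $Audit -and $PSCmdlet.ShouldProcess("$($s.Path)\$($s.Name)", "Set DWORD to $($s.Value)")) {
        # -Force overwrites an existing value of any type with a DWORD.
        New-ItemProperty -Path $s.Path -Name $s.Name -PropertyType DWord -Value $s.Value -Force | Out-Null
    }
}

if ($drift) {
    Write-Host 'Values that did not match the recommended settings:'
    $drift | Format-Table -AutoSize
} else {
    Write-Host 'All values already match.'
}

# Share check for the default-share step. AutoShareServer=0 takes effect
# after a restart and removes C$, D$ and ADMIN$, but never IPC$.
Write-Host 'Current SMB shares (expect IPC$ plus only the shares you created):'
if (Get-Command Get-SmbShare -ErrorAction SilentlyContinue) {
    Get-SmbShare | Select-Object Name, Path, Description | Format-Table -AutoSize
} else {
    net share   # older systems without the SmbShare module
}
```

Running it in -Audit mode after a reboot is the practical check: a clean report plus a share list containing only IPC$ and your own shares means every registry step on this page has taken effect.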